Tested Versions

Product URLs

CVSSv3 Score

8.8 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-121: Stack-based Buffer Overflow

Details

SDL_image is a library that handles image loading for the Simple DirectMedia Layer (SDL) library. SDL is a cross-platform library that is designed to provide low-level access to various hardware using OpenGL and Direct3D. The various users of the library include games, video playback software (including VLC), and emulators.

A vulnerability exits in the SDL_image library's handling of XCF images. When an XCF image is read, its properties will be read from the file and used directly in a read operation, potentially resulting in a stack-based buffer overflow. This problem occurs in the read_xcf_property function of the IMG_xcf.c file:

At line 254, it will read the id of the property from the file and then at line 255, it will read the length of the property. This length will then be used at line 277 to copy data from src into prop->data which is 24 bytes in length, causing a buffer overflow if the length provided in the file is larger than 24.

Mitigation

Adding a check to ensure that prop->length <= sizeof(prop->data) would fix the issue: